This column is available in a weekly newsletter called IT Best Practices. Your company's senior executives are discussing cyber security and the possibility of suffering a data breach. The CEO read that if a company has valuable data, then a breach is statistically inevitable. Thankfully your company hasn't discovered a breach, but that means very little. FireEye says that a breach can go undetected for as long as 200 days. The worried CEO picks up the phone, calls you and asks, "Has our enterprise network been hacked?" He wants a definitive yes or no answer, right then and there. What do you tell him?
In 2012, the social networking site LinkedIn suffered a data breach in which username/password combinations were stolen. Four years later, in 2016, at least 117 million sets of credentials from this breach were available for purchase online. MySpace suffered a similar data breach, and years later 427 million sets of credentials were posted online. These events have prompted e-commerce companies that have not suffered a data breach to urge their customers to change their passwords as soon as possible.
Who's that coming to your website? Is it friend or foe? Is it a customer wanting to buy your products, or someone or something wanting to steal your web content? Is it a community member that wants to post a relevant comment, or a spammer intent on planting junk links and content in your open comments section? Is it a real person clicking on an ad, or a web bot driving up fraudulent clicks? Web applications are increasingly being subjected to automated threats such as click fraud, comment spam, content scraping, abusive account creation, and more. These and other illicit or unwanted activities are described in detail in the OWASP Automated Threat Handbook for Web Applications.
The term "advanced persistent threat" is tossed around so frequently that some people might think that every cyberattack results from an APT. This is far from the case. In fact, APTs represent a very dangerous category of cyber threats that use sophisticated resources and techniques to evade detection and that are tenacious in their mission, whether it's to steal information or disrupt normal operations. NIST defines advanced persistent threat by describing three characteristics. The APT: 1. Pursues its objectives repeatedly over an extended period of time
There's a lot of innovation going on in the WAN these days. New strategies from a variety of network companies hold the promise of building better security, control and performance into regular broadband and LTE networks. Cradlepoint is the latest vendor to announce its software-defined wide area network architecture. The Cradlepoint NetCloud platform enables software-defined and cloud-based wired and wireless broadband networks for branch, mobile and IoT.
Most people who have anything to do with cybersecurity are familiar with the Center for Internet Security (CIS) Critical Security Controls, also commonly known as the SANS Top 20, or more simply the Controls. This list consists of a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks. Implementing the Controls is no guarantee an organization will have a bullet-proof defensive posture, but it significantly reduces both the risk that a breach will happen and the impact to the organization if such an event were to occur. What's more, the Controls constitute a minimum level of security that any organization that collects or maintains personal or sensitive information should meet.
There's a powerful new generation of security operations (SecOps) tools coming to market designed to help SecOps teams find and react to threats much quicker than before. The best of these tools also enable security analysts to proactively hunt for threats that might be present in their enterprise environment.
These tools bring data together from disparate sources and begin to connect the dots so analysts can dive right into the investigation without having to search for relevant data points. The products tend to eliminate the manual work of sifting through logs, finding all the relevant data, and trying to find correlations among the events.
Michael Bruemmer's team is busy these days, and that's both good news and bad news for companies like yours. Bruemmer heads up the Data Breach Resolution group at Experian. This team provides the call center, notification and identity theft protection services to clients following a data breach. Over a span of 12 years, this arm of Experian has serviced nearly 17,000 breaches. In 2015, the group serviced 3,550 different incidents, from small breaches that affected just a few hundred people, to the headline-making breaches that affected tens of millions. The fact that Experian has been involved in responding to so many breaches is the bad news I alluded to.
The advent of worker mobility and cloud computing has played havoc with the traditional network perimeter. At one time the perimeter was a well-established concept. All of our users, locations, data centers and applications were inside this zone protected by strong network security. That notion seems almost quaint today.
With mobile users and data and applications in the cloud, the old perimeter has basically dissolved, leading to the development of entirely new security tools—secure web gateways, cloud access security brokers, enterprise mobility management, and so on. These new products and services augment the traditional network security stack of firewalls, anti-virus, email and web filtering, etc.
When it comes to network and endpoint security incidents, there's no shortage of products that can detect suspicious activities and send up alerts. However, what there is a shortage of is skilled incident response experts and time to investigate all the alerts. Security operations (SecOps) professionals need better tools and more efficient processes to become more effective. Demisto Inc. is a new company that launched in May to address these challenges. Demisto says it can help Security Operations Centers (SOCs) scale the capabilities of their human resources, improve incident response times, and capture evidence while working to solve problems collaboratively. The Demisto Enterprise platform is an innovative approach that includes enabling collaboration among analysts and intelligent automation using bots and playbooks.
The Bay Club Company is an operator of private clubs that blend fitness, swimming and tennis. Today the company has 24 clubs across California, but its growth path could potentially double that by the end of 2017. The Bay Club's expansion strategy includes acquiring smaller clubs and bringing them into the portfolio. IT director Mark Street is charged with bringing the acquired clubs into the Bay Club network as quickly as possible. That connection is essential in order for the club, from a technology point of view, to begin operating and feeling like a Bay Club. Street says it would take 60 to 90 days to bring a new club onto the traditional corporate backbone, but his goal is to be able to fully integrate a new club within a week to help The Bay Club and its members benefit from the new acquisition faster.